Adobe Commerce and Magento stores facing attack from dangerous malware

Magento
(Image credit: Magento)

Some of the world’s most popular ecommerce platforms were carrying vulnerabilities that allowed threat actors to run code remotely, deploy malware, and even steal payment information from the customers, experts have warned.

Countless websites using Adobe Commerce and Magento platforms have already been compromised, including heavyweights such as Ray Ban, National Geographic, Cisco, Whirlpool, and Segway, cybersecurity researchers Sansec have claimed.

They claim roughly 5% of all websites powered by these platforms have already been hacked by the vulnerability, dubbed “CosmicSting”, with up to five new ones being added every hour in what they claim is the “worst bug” to hit the two platforms in years.

Chaining flaws

The vulnerability, tracked as CVE-2024-34102 with a severity score of 9.8/10 (critical), is described as “improper restriction of XML external entity reference (XXE)” flaw.

The patch for the flaw was released in June 2024, while CISA added it to its KEV catalog in July, however newer attacks, observed from August onward, were chaining CosmicSting with a vulnerability called CNEXT, and tracked as CVE-2024-2961. Together, these two bugs grant the attackers the ability to run code remotely, and essentially take over the entire system.

The researchers identified at least seven groups that were taking advantage of these vulnerabilities. The groups are not exactly household names in the cybercriminal community - Bobry, Polyovki, Surki, Burunduki, Ondatry, Khomyaki, and Belki. Regardless of their status, they are still a formidable foe, since at least one used CosmicSting with CNEXT to plant skimmer malware to the victim websites.

Skimmers work by stealing payment information during the checkout process, and sending it to the attackers. Crooks can either sell the credit card data on the black market, or use it to fund additional campaigns. Every now and then, we see ad campaigns on Google, Facebook, and elsewhere, promoting malicious websites and programs, and the majority of those campaigns are funded like this.

"Merchants are strongly advised to upgrade to the latest version of Magento or Adobe Commerce," Sansec said. "They should also rotate secret encryption keys, and ensure that old keys are invalidated."

Via TheHackerNews

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.